Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices

Subrat Das¹, Gregory P Siroky², Shawn Lee², Davendra Mehta², Ranjit Suri³

Affiliations

¹ Department of Medicine, Mount Sinai Morningside-West, Icahn School of Medicine, New York, New York.
² Department of Cardiology, Mount Sinai Morningside, Icahn School of Medicine, New York, New York.
³ Department of Cardiology, Mount Sinai Morningside, Icahn School of Medicine, New York, New York. Electronic address: ranjit.suri@mountsinai.org.

PMID: 33059076
PMCID: PMC7550052
DOI: 10.1016/j.hrthm.2020.10.009

Review

Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices

Subrat Das et al. Heart Rhythm. 2021 Mar.

. 2021 Mar;18(3):473-481.

doi: 10.1016/j.hrthm.2020.10.009. Epub 2020 Oct 12.

Authors

Subrat Das¹, Gregory P Siroky², Shawn Lee², Davendra Mehta², Ranjit Suri³

Affiliations

¹ Department of Medicine, Mount Sinai Morningside-West, Icahn School of Medicine, New York, New York.
² Department of Cardiology, Mount Sinai Morningside, Icahn School of Medicine, New York, New York.
³ Department of Cardiology, Mount Sinai Morningside, Icahn School of Medicine, New York, New York. Electronic address: ranjit.suri@mountsinai.org.

PMID: 33059076
PMCID: PMC7550052
DOI: 10.1016/j.hrthm.2020.10.009

Abstract

Remote monitoring of cardiac implantable electronic devices (CIEDs) has become routine practice as a result of the advances in biomedical engineering, the advent of interconnectivity between the devices through the Internet, and the demonstrated improvement in patient outcomes, survival, and hospitalizations. However, this increased dependency on the Internet of Things comes with risks in the form of cybersecurity lapses and possible attacks. Although no cyberattack leading to patient harm has been reported to date, the threat is real and has been demonstrated in research laboratory scenarios and echoed in patient concerns. The CIED universe comprises a complex interplay of devices, connectivity protocols, and sensitive information flow between the devices and the central cloud server. Various manufacturers use proprietary software and black-box connectivity protocols that are susceptible to hacking. Here we discuss the fundamentals of the CIED ecosystem, the potential security vulnerabilities, a historical overview of such vulnerabilities reported in the literature, and recommendations for improving the security of the CIED ecosystem and patient safety.

Keywords: Cardiac implantable electronic device; Cybersecurity; Data security; Hacking; Remote monitoring.

PubMed Disclaimer

Figures

**Figure 1**
Schematic diagram showing how remote information is transmitted from a patient’s cardiac implantable electronic device (CIED) to the health care provider. Starting from the patient, information uploaded from the patient’s CIED to the home monitoring system is transmitted to a central archiving system, which then uploads the information to the physician’s office. Once the physician/care team reviews the uploaded data, they can reach out to the patient to discuss necessary treatment options. RF = radiofrequency. (Illustrated by Dr Shawn Lee.)

**Figure 2**
Office scenario in which an office programmer is used to read from/write to the cardiac implantable electronic device. Security vulnerabilities inherent to the process are highlighted. ICT = inductive coil telemetry; RF = radiofrequency; SDR = software-defined radio. (Illustrated by Dr Shawn Lee.)

**Figure 3**
Timeline of cybersecurity events reported by security experts and the Food and Drug Administration (FDA), and the corrective measures taken by device manufacturers. CIED = cardiac implantable electronic device; ICD = implantable cardioverter-defibrillator; PPM = permanent pacemaker. (Illustrated by Dr Shawn Lee.)

**Figure 4**
Cardiac implantable electronic device ecosystem, hacker motives and methods, and various players involved in keeping the ecosystem secure. (Illustrated by Dr Shawn Lee.)

See this image and copyright information in PMC

Comment in

To the Editor-Technical accuracy with practical recommendations for CIED security.
Mendenhall GS. Mendenhall GS. Heart Rhythm. 2021 Dec;18(12):2227. doi: 10.1016/j.hrthm.2021.09.015. Epub 2021 Sep 17. Heart Rhythm. 2021. PMID: 34537411 No abstract available.

References

1. Maisel W.H., Paulsen J.E., Hazelett M.B., Selzman K.A. Striking the right balance when addressing cybersecurity vulnerabilities. Heart Rhythm. 2018;15:e69–e70. - PubMed
1. Slotwiner D., Varma N., Akar J.G. HRS Expert consensus statement on remote interrogation and monitoring for cardiovascular implantable electronic devices. Heart Rhythm. 2015;12:e69–e100. - PubMed
1. Arndt R.Z. Hacked medical devices could wreak havoc on health systems. January 20, 2018. Modern Healthcare. https://www.modernhealthcare.com/article/20180120/NEWS/180129999/hacked-...
1. Federal Communications Commission Establishment of a medical implant communications service in the 402-405 MHz Band. Federal Register. 1999;64:69926–69934. - PubMed
1. Cox TJ. Frequency agile telemetry system for implantable medical device, 2004. US Patent 6,763,269.

Publication types

Actions

MeSH terms

Actions
Actions
Actions
Actions
Actions
Actions

LinkOut - more resources

Full Text Sources
Other Literature Sources
- The Lens - Patent Citations Database
- scite Smart Citations
Medical
- MedlinePlus Health Information

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices

Affiliations

Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices

Authors

Affiliations

Abstract

Figures

Comment in

References

Publication types

MeSH terms

LinkOut - more resources

Full Text Sources

Other Literature Sources

Medical